As hackers expose widespread cybersecurity lapses and heighten fears about defending critical infrastructure from attack, one proposed solution has started gaining traction: Rather than attempt to tighten security on the modern Internet, it suggests creating an entirely new one.Earlier this month, former CIA Director Michael Hayden became the latest figure in Washington to call for a separate, secure Internet to shield vital systems like the power grid from cyber-attacks. The new commander of the military's cyberwar operations, Gen. Keith Alexander, has also endorsed the idea.
The proposal is an acknowledgement that very little can be done to protect a network connected to the World Wide Web -- a system originally designed for connectivity, not security -- from sophisticated hackers.
"It's an acceptance that the existing Internet is an inherently insecure platform," said Jeffrey Carr, founder of the security consulting firm Taia Global Inc. and author of the book "Inside Cyber Warfare." Computer networks tied to vital industries "can't afford that kind of exposure," he said.
Recently, federal officials acknowledged that a digital upgrade to the power grid, known as the "smart grid," could leave the nation's electricity supply more exposed to a cyber-attack. Meanwhile, a string of recent data breaches at corporations and government contractors by anonymous hackers has elevated concerns about gaps in the nation's high-tech armor.
"I think that's really raised attention as to how insecure everybody is, and how easy it is to retain anonymity and generate chaos and have very little chance of being caught," Carr said.
The new Internet, which could use the domain ".secure" instead of ".com," would enhance cybersecurity by running on a separate channel fenced off from the Web and thus invisible to outside hackers, proponents say. Eventually, private citizens who are concerned about their data being hacked could opt in to the more secure network, Carr said.
The proposal also contains some controversial provisions, however. For one, it would allow the government to monitor traffic for potential cyber-attacks. And it would require users to prove their identity, perhaps by fingerprint, before gaining access, eliminating a fundamental concept of the modern Internet -- anonymity.
But the growing concern for cybersecurity has some defending the idea of asking Internet users for their identity. Lack of anonymity could be a deterrent to hackers; if no one is anonymous, it would be easier for law enforcement to track suspects, Carr said.
Others argue that creating a system to identify Internet users would limit free speech, cost billions of dollars and not actually improve security. They say hackers would simply route their attacks through other user's computers.
"What such attempts would do is affect the average user's access to free speech, including those who use the Internet's anonymity to survive: dissidents in Iran, China, and elsewhere," cybersecurity expert Bruce Schneier wrote last year in an essay posted on Forbes.com.
Full Article
Source: Huffington
No comments:
Post a Comment